exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-171

Mandriva Linux Security Advisory 2010-171
Posted Sep 8, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-171 - The cluster logical volume manager daemon in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted control commands. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, local
systems | linux, redhat, mandriva
advisories | CVE-2010-2526
SHA-256 | c4273b3d2b834ca292d7a33635b5ab63841e94dd24978262fa809e54e9c0fca8
Download | Favorite | View

Mandriva Linux Security Advisory 2010-171

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:171
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : lvm2
 Date    : September 6, 2010
 Affected: 2009.1, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in lvm2:
 
 The cluster logical volume manager daemon (clvmd) in lvm2-cluster
 in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
 and other products, does not verify client credentials upon a socket
 connection, which allows local users to cause a denial of service
 (daemon exit or logical-volume change) or possibly have unspecified
 other impact via crafted control commands (CVE-2010-2526).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 11ac47baa0dffc858deae4847afc95bc  2009.1/i586/clvmd-2.02.33-8.1mnb2.i586.rpm
 3e28f4c39a97f96dff14ea07e63c0375  2009.1/i586/lvm2-2.02.33-8.1mnb2.i586.rpm 
 1473d81d8d69eecfffeba569d6a524ab  2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm

 Mandriva Linux 2009.1/X86_64:
 f3c07dc0fa38749ea2be8b8a334e08c7  2009.1/x86_64/clvmd-2.02.33-8.1mnb2.x86_64.rpm
 18f0a933f3236c38a7b2f0c8fdfb0516  2009.1/x86_64/lvm2-2.02.33-8.1mnb2.x86_64.rpm 
 1473d81d8d69eecfffeba569d6a524ab  2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm

 Mandriva Linux 2010.0:
 28d2ca049d8736523166f7c99730550d  2010.0/i586/clvmd-2.02.53-9.2mnb2.i586.rpm
 e6456c6b7f8b64bb9579cd485fd1883c  2010.0/i586/dmsetup-1.02.38-9.2mnb2.i586.rpm
 f44de286bd97799df0633639605f9a7b  2010.0/i586/libdevmapper1.02-1.02.38-9.2mnb2.i586.rpm
 9b497f111670636f1dfc9fd3d0635b63  2010.0/i586/libdevmapper-devel-1.02.38-9.2mnb2.i586.rpm
 dc1d8288bc99b1a1e18508d6a0edb595  2010.0/i586/libdevmapper-event1.02-1.02.38-9.2mnb2.i586.rpm
 9b01ee505c3a4949fa0f161c03280b83  2010.0/i586/libdevmapper-event-devel-1.02.38-9.2mnb2.i586.rpm
 61cfd88b9c6789d37fdaf4f6254116ff  2010.0/i586/liblvm2cmd2.02-2.02.53-9.2mnb2.i586.rpm
 929d5d33f66502a078cd8212e1b537b1  2010.0/i586/liblvm2cmd-devel-2.02.53-9.2mnb2.i586.rpm
 b17cbac08c61dce99597e6dbb6702045  2010.0/i586/lvm2-2.02.53-9.2mnb2.i586.rpm 
 27e1f390f03910f521d6c9248fd28cfb  2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm

 Mandriva Linux 2010.0/X86_64:
 3bf5a13a5e066af39062bdaa7a4e6d87  2010.0/x86_64/clvmd-2.02.53-9.2mnb2.x86_64.rpm
 aa1f570c9a929aee83dd9547ae905468  2010.0/x86_64/dmsetup-1.02.38-9.2mnb2.x86_64.rpm
 81f077f42936ec8be557105a220a149b  2010.0/x86_64/lib64devmapper1.02-1.02.38-9.2mnb2.x86_64.rpm
 e90c54801d5d3e201d68731e2cbc4dc5  2010.0/x86_64/lib64devmapper-devel-1.02.38-9.2mnb2.x86_64.rpm
 56d2c5cd25dfef94a15568c420743fea  2010.0/x86_64/lib64devmapper-event1.02-1.02.38-9.2mnb2.x86_64.rpm
 4cff5d26f20d11a57a7dffe7fb3421a8  2010.0/x86_64/lib64devmapper-event-devel-1.02.38-9.2mnb2.x86_64.rpm
 40f4f8aa95abd23c8640e5cf22031b02  2010.0/x86_64/lib64lvm2cmd2.02-2.02.53-9.2mnb2.x86_64.rpm
 a87f6ecae4c05b5ced933cb3468ed499  2010.0/x86_64/lib64lvm2cmd-devel-2.02.53-9.2mnb2.x86_64.rpm
 96c9b9781d1168c90a557cc583930a7e  2010.0/x86_64/lvm2-2.02.53-9.2mnb2.x86_64.rpm 
 27e1f390f03910f521d6c9248fd28cfb  2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm

 Mandriva Linux 2010.1:
 48f74df7e0156e45f230429aa41cea7a  2010.1/i586/clvmd-2.02.61-5.1mnb2.i586.rpm
 a5fa92bb7251a9f9b9a651a9d681c470  2010.1/i586/cmirror-2.02.61-5.1mnb2.i586.rpm
 c7281a45862b7460be4b9623165cc591  2010.1/i586/dmsetup-1.02.44-5.1mnb2.i586.rpm
 98c4f715edc57a2a81631cb2ab9a824b  2010.1/i586/libdevmapper1.02-1.02.44-5.1mnb2.i586.rpm
 e5b0271e14e85ad94cb3e746960993b1  2010.1/i586/libdevmapper-devel-1.02.44-5.1mnb2.i586.rpm
 2b83f2c3a303604e42868b074364b017  2010.1/i586/libdevmapper-event1.02-1.02.44-5.1mnb2.i586.rpm
 aef97aaed0fd616df5a046d9b05f55e2  2010.1/i586/libdevmapper-event-devel-1.02.44-5.1mnb2.i586.rpm
 1ed885e2a23ca5f9bdaa5796615feeea  2010.1/i586/liblvm2app2.1-2.02.61-5.1mnb2.i586.rpm
 9a62cea841692f4a744019664cb6b959  2010.1/i586/liblvm2cmd2.02-2.02.61-5.1mnb2.i586.rpm
 a1bc253b7a92b6c7b1ac96e7e2521ee3  2010.1/i586/liblvm2cmd-devel-2.02.61-5.1mnb2.i586.rpm
 972c3885883f95b793e4dfaa46121685  2010.1/i586/liblvm2-devel-2.02.61-5.1mnb2.i586.rpm
 08190534acaa182f48f8c2aca8b3ad31  2010.1/i586/lvm2-2.02.61-5.1mnb2.i586.rpm 
 3de3e283a5907efe36b7f5b9038c32a2  2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 3c33074b320e7b7651b9872674bce70b  2010.1/x86_64/clvmd-2.02.61-5.1mnb2.x86_64.rpm
 e0bcdee0b2f4e725bfd17b35a9959aa0  2010.1/x86_64/cmirror-2.02.61-5.1mnb2.x86_64.rpm
 47c54c45f3f00ae9fe0f9176623739ac  2010.1/x86_64/dmsetup-1.02.44-5.1mnb2.x86_64.rpm
 0b25f189581132d3d0bcf736f66ae4c9  2010.1/x86_64/lib64devmapper1.02-1.02.44-5.1mnb2.x86_64.rpm
 d3b6a286c01ed42a08301f5425d5e13b  2010.1/x86_64/lib64devmapper-devel-1.02.44-5.1mnb2.x86_64.rpm
 7f0596865ef0a8baec758a106a030749  2010.1/x86_64/lib64devmapper-event1.02-1.02.44-5.1mnb2.x86_64.rpm
 9346f3ad1ce7d7b9cb68ab77adf1d809  2010.1/x86_64/lib64devmapper-event-devel-1.02.44-5.1mnb2.x86_64.rpm
 4c70fc76e4330e61d8b013e5f5396349  2010.1/x86_64/lib64lvm2app2.1-2.02.61-5.1mnb2.x86_64.rpm
 248c9c277bd694c1c5f239f2f8dcb983  2010.1/x86_64/lib64lvm2cmd2.02-2.02.61-5.1mnb2.x86_64.rpm
 edd014cb4cd0a637ca2e6038d6473958  2010.1/x86_64/lib64lvm2cmd-devel-2.02.61-5.1mnb2.x86_64.rpm
 5a5db48748ff8e3ad9c6fcfbab003013  2010.1/x86_64/lib64lvm2-devel-2.02.61-5.1mnb2.x86_64.rpm
 8ba0060f839c48eda20db9299933f527  2010.1/x86_64/lvm2-2.02.61-5.1mnb2.x86_64.rpm 
 3de3e283a5907efe36b7f5b9038c32a2  2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMhMgBmqjQ0CJFipgRAoeBAKCwND3HDmabTzsVVnJJB9Tq6+imGQCgqRAE
DFyM1mq7f33nL+kHFr1LlBo=
=zRsP
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close